On 10/30/2017 03:35 PM, John R Pierce wrote:
> On 10/30/2017 10:55 AM, rakeshkumar464 wrote:
>> Is there a way in pgaudit to mask literal sqls like the below:
>>
>> insert into table (col1,col2) values(1,2)
>> select * from table where col1 = 1
>>
>> These sqls are typed by our QA folks using pgadmin. pgaudit records this
>> verbatim which runs afoul of our HIPAA requirement. Prepared statements are
>> not an issue since pgaudit provides a way to suppress values.
>
> if you have a HIPAA requirement that says 'don't run manual sql
> statements', then, well, DON'T.
>
> why are QA folks making changes on production databases, anyways?
> that's not within their domain. QA should be working on development
> or staging databases.

I suspect the QA types are testing against production and using/seeing
real names, etc with queries which create /transitory/ tables. I wonder
if the QA folks have been HIPAA certified? Probably better to get them
redacted data for testing.
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)